GITNUXREPORT 2025

Social Engineering Attacks Statistics

Most cyberattacks depend on social engineering to deceive and exploit organizations.

Jannik Lindner

Jannik Linder

Co-Founder of Gitnux, specialized in content and tech since 2016.

First published: April 29, 2025

Our Commitment to Accuracy

Rigorous fact-checking • Reputable sources • Regular updatesLearn more

Key Statistics

Statistic 1

75% of cyberattackers use social engineering techniques in their attacks

Statistic 2

81% of data breaches involve brute-force or stolen credential attacks, often facilitated by social engineering methods

Statistic 3

94% of malware delivered via email relies on social engineering to be successful

Statistic 4

The majority of ransomware attacks are preceded by social engineering techniques that compromise credentials

Statistic 5

63% of attackers utilize social engineering in spear-phishing campaigns

Statistic 6

35% of social engineering attacks are classified as spear-phishing, targeting specific individuals in an organization

Statistic 7

59% of social engineering attacks are carried out via email, with others using phone calls and in-person methods

Statistic 8

77% of social engineering attacks exploit psychological manipulation, making awareness training crucial

Statistic 9

72% of phishing campaigns involve social engineering, using tactics like urgency and fear to deceive recipients

Statistic 10

The average cost of a data breach involving social engineering is $4.45 million

Statistic 11

74% of organizations have successfully mitigated social engineering attacks through employee training

Statistic 12

58% of companies use security awareness training to combat social engineering attacks

Statistic 13

50% of organizations have no formal training program to recognize social engineering

Statistic 14

66% of organizations do not have effective processes in place to detect social engineering incidents

Statistic 15

59% of organizations do not have a dedicated team focused on detecting social engineering attempts

Statistic 16

91% of cyberattacks start with a phishing email

Statistic 17

83% of successful cyberattacks start with a phishing email

Statistic 18

63% of successful attacks exploited email as the attack vector

Statistic 19

91% of cyberattacks begin with a phishing email

Statistic 20

83% of phishing emails bypass spam filters, relying heavily on social engineering to deceive recipients

Statistic 21

40% of employees have clicked on a phishing link, unaware of its malicious intent

Statistic 22

98% of cyberattacks rely on social engineering tactics

Statistic 23

Business email compromise (BEC) scams cost organizations over $2.4 billion annually

Statistic 24

60% of data breaches involve social engineering as a primary vector

Statistic 25

4 in 10 employees cannot recognize social engineering scam attempts

Statistic 26

85% of organizations have suffered a social engineering attack

Statistic 27

76% of organizations have fallen victim to a phishing attack

Statistic 28

70% of phishing attacks are financially motivated

Statistic 29

60% of social engineering attacks target employees aged 25-34

Statistic 30

52% of organizations do not test their employees against simulated social engineering attacks

Statistic 31

Phishing attacks increased by 65% during the COVID-19 pandemic

Statistic 32

63% of cybersecurity incidents involve social engineering

Statistic 33

Social engineering attacks target 1 in 4 employees annually

Statistic 34

46% of organizations have experienced a social engineering attack in the last year

Statistic 35

60% of malware attacks are facilitated via social engineering tactics

Statistic 36

73% of organizations report being targeted by phishing attacks that use social engineering tactics

Statistic 37

92% of cybercriminals use social engineering in some phase of their attack

Statistic 38

87% of organizations recognize social engineering as a major threat

Statistic 39

78% of security breaches involve some form of social engineering

Statistic 40

90% of successful cyberattacks rely on social engineering techniques

Statistic 41

65% of organizations reported an increase in social engineering attacks over the past year

Statistic 42

33% of organizations believe their employees are their weakest security link

Statistic 43

The FBI reported that Business Email Compromise scams caused $2.7 billion in losses in 2021, a significant portion due to social engineering

Statistic 44

The average age of social engineering victims is 35 years old, indicating that young professionals are notably targeted

Statistic 45

72% of organizations have experienced a social engineering attack that penetrated their security defenses

Statistic 46

Nearly 90% of data breaches are caused by human errors, often due to social engineering tactics

Statistic 47

85% of organizations consider phishing their biggest cybersecurity threat, often enabled by social engineering

Statistic 48

61% of organizations do not regularly test their defenses with simulated social engineering exercises

Statistic 49

The global cost of social engineering attacks is expected to reach over $5 trillion annually by 2024

Statistic 50

78% of critical infrastructure organizations have experienced a social engineering attack

Statistic 51

80% of employees admit to falling for phishing scams at least once, highlighting human vulnerability

Statistic 52

49% of companies have experienced social engineering attacks that resulted in data loss

Statistic 53

60% of data breaches originate from social engineering tactics such as phishing, pretexting, or baiting

Statistic 54

55% of cybersecurity professionals cite social engineering as the most difficult attack to defend against

Statistic 55

69% of cybersecurity leaders believe that social engineering is the top source of security breaches

Slide 1 of 55
Share:FacebookLinkedIn
Sources

Our Reports have been cited by:

Trust Badges - Publications that have cited our reports

Key Highlights

  • 98% of cyberattacks rely on social engineering tactics
  • 91% of cyberattacks start with a phishing email
  • Business email compromise (BEC) scams cost organizations over $2.4 billion annually
  • 60% of data breaches involve social engineering as a primary vector
  • 4 in 10 employees cannot recognize social engineering scam attempts
  • 85% of organizations have suffered a social engineering attack
  • 76% of organizations have fallen victim to a phishing attack
  • 60% of data breaches originate from social engineering tactics such as phishing, pretexting, or baiting
  • 75% of cyberattackers use social engineering techniques in their attacks
  • 70% of phishing attacks are financially motivated
  • 81% of data breaches involve brute-force or stolen credential attacks, often facilitated by social engineering methods
  • The average cost of a data breach involving social engineering is $4.45 million
  • 60% of social engineering attacks target employees aged 25-34

Did you know that a staggering 98% of cyberattacks rely on social engineering tactics, making human vulnerability the weakest link in cybersecurity defenses?

Cyberattack Techniques and Social Engineering

  • 75% of cyberattackers use social engineering techniques in their attacks
  • 81% of data breaches involve brute-force or stolen credential attacks, often facilitated by social engineering methods
  • 94% of malware delivered via email relies on social engineering to be successful
  • The majority of ransomware attacks are preceded by social engineering techniques that compromise credentials
  • 63% of attackers utilize social engineering in spear-phishing campaigns
  • 35% of social engineering attacks are classified as spear-phishing, targeting specific individuals in an organization
  • 59% of social engineering attacks are carried out via email, with others using phone calls and in-person methods
  • 77% of social engineering attacks exploit psychological manipulation, making awareness training crucial
  • 72% of phishing campaigns involve social engineering, using tactics like urgency and fear to deceive recipients

Cyberattack Techniques and Social Engineering Interpretation

With nearly three-quarters of cyberattacks leveraging social engineering—especially through email and spear-phishing—it's clear that in today's digital battlefield, psychological manipulation is as dangerous as technical breaches, underscoring the critical need for heightened awareness and vigilance.

Financial and Data Breach Consequences

  • The average cost of a data breach involving social engineering is $4.45 million

Financial and Data Breach Consequences Interpretation

With social engineering breaches costing an average of $4.45 million, it's clear that a well-crafted con is now more expensive than most CEO annual bonuses—highlighting the urgent need for robust employee awareness.

Organizational Response and Preparedness

  • 74% of organizations have successfully mitigated social engineering attacks through employee training
  • 58% of companies use security awareness training to combat social engineering attacks
  • 50% of organizations have no formal training program to recognize social engineering
  • 66% of organizations do not have effective processes in place to detect social engineering incidents
  • 59% of organizations do not have a dedicated team focused on detecting social engineering attempts

Organizational Response and Preparedness Interpretation

While over three-quarters of organizations have managed to thwart social engineering threats through employee training, the fact that nearly half lack formal programs and most lack dedicated detection teams highlights a concerning gap between awareness and proactive defense strategies in cybersecurity.

Phishing and Email-based Attacks

  • 91% of cyberattacks start with a phishing email
  • 83% of successful cyberattacks start with a phishing email
  • 63% of successful attacks exploited email as the attack vector
  • 91% of cyberattacks begin with a phishing email
  • 83% of phishing emails bypass spam filters, relying heavily on social engineering to deceive recipients
  • 40% of employees have clicked on a phishing link, unaware of its malicious intent

Phishing and Email-based Attacks Interpretation

With over 91% of cyberattacks launching via phishing emails—many slipping past spam filters and fooling nearly half of employees—it's clear that the greatest vulnerability in cybersecurity remains human trust, which hackers cleverly exploit through social engineering.

Prevalence and Impact of Social Engineering

  • 98% of cyberattacks rely on social engineering tactics
  • Business email compromise (BEC) scams cost organizations over $2.4 billion annually
  • 60% of data breaches involve social engineering as a primary vector
  • 4 in 10 employees cannot recognize social engineering scam attempts
  • 85% of organizations have suffered a social engineering attack
  • 76% of organizations have fallen victim to a phishing attack
  • 70% of phishing attacks are financially motivated
  • 60% of social engineering attacks target employees aged 25-34
  • 52% of organizations do not test their employees against simulated social engineering attacks
  • Phishing attacks increased by 65% during the COVID-19 pandemic
  • 63% of cybersecurity incidents involve social engineering
  • Social engineering attacks target 1 in 4 employees annually
  • 46% of organizations have experienced a social engineering attack in the last year
  • 60% of malware attacks are facilitated via social engineering tactics
  • 73% of organizations report being targeted by phishing attacks that use social engineering tactics
  • 92% of cybercriminals use social engineering in some phase of their attack
  • 87% of organizations recognize social engineering as a major threat
  • 78% of security breaches involve some form of social engineering
  • 90% of successful cyberattacks rely on social engineering techniques
  • 65% of organizations reported an increase in social engineering attacks over the past year
  • 33% of organizations believe their employees are their weakest security link
  • The FBI reported that Business Email Compromise scams caused $2.7 billion in losses in 2021, a significant portion due to social engineering
  • The average age of social engineering victims is 35 years old, indicating that young professionals are notably targeted
  • 72% of organizations have experienced a social engineering attack that penetrated their security defenses
  • Nearly 90% of data breaches are caused by human errors, often due to social engineering tactics
  • 85% of organizations consider phishing their biggest cybersecurity threat, often enabled by social engineering
  • 61% of organizations do not regularly test their defenses with simulated social engineering exercises
  • The global cost of social engineering attacks is expected to reach over $5 trillion annually by 2024
  • 78% of critical infrastructure organizations have experienced a social engineering attack
  • 80% of employees admit to falling for phishing scams at least once, highlighting human vulnerability
  • 49% of companies have experienced social engineering attacks that resulted in data loss

Prevalence and Impact of Social Engineering Interpretation

With nearly 9 out of 10 cyberattacks leveraging social engineering and over half of organizations falling victim annually, it’s clear that in the cyber battlefield, humans remain both the weakest link and the most exploited weapon—making awareness and testing not just advisable but indispensable.

Social Engineering

  • 60% of data breaches originate from social engineering tactics such as phishing, pretexting, or baiting
  • 55% of cybersecurity professionals cite social engineering as the most difficult attack to defend against
  • 69% of cybersecurity leaders believe that social engineering is the top source of security breaches

Social Engineering Interpretation

With over two-thirds of cybersecurity leaders pinning social engineering as the primary culprit behind breaches, it's clear that human vulnerabilities remain the weakest link—and perhaps the most tempting target—in our digital defenses.

Sources & References